Risk management Definitions

  • C

    Center for Internet Security (CIS)

    The Center for Internet Security (CIS) is a nonprofit organization focused on improving public- and private-sector cybersecurity readiness and response.

  • Certified Information Systems Risk and Compliance Professional (CISRCP)

    A Certified Information Systems Risk and Compliance Professional (CISRCP) is a person in the information technology (IT) field that has passed an examination on risk and compliance topics developed by the International Association of Risk and Compliance Professionals (IARCP).

  • chief risk officer (CRO)

    The chief risk officer (CRO) is the corporate executive tasked with assessing and mitigating significant competitive, regulatory and technological threats to an enterprise's capital and earnings.

  • cloud computing security

    Cloud computing security is the set of control-based technologies and policies designed to adhere to regulatory compliance rules and protect information, data applications and infrastructure associated with cloud computing use.

  • compliance audit

    A compliance audit is a comprehensive review of an organization's adherence to regulatory guidelines.

  • Computer Fraud and Abuse Act (CFAA)

    The Computer Fraud and Abuse Act (CFAA) of 1986 is United States legislation that made it a federal crime to access a protected computer without proper authorization.

  • COMSEC (communications security)

    Communications security (COMSEC) is the prevention of unauthorized access to telecommunications traffic, or to any information that is transmitted or transferred.

  • D

    data governance policy

    A data governance policy is an organization’s set of information management processes that are designed to assist business administration and protect company assets.

  • E

    enterprise security governance

    Enterprise security governance is a company's strategy to reduce risk by protecting systems and information, as well as its execution of that strategy.

  • I

    inherent risk

    Inherent risk is a category of threat that describes potential losses or pitfalls that exist before internal security controls or mitigating factors are implemented.

  • internal audit (IA)

    An internal audit (IA) is an organizational initiative to monitor and analyze its own business operations in order to determine how well it conforms to a set of specific criteria.

  • N

    National Information Assurance Partnership (NIAP)

    The National Information Assurance Partnership (NIAP) is a U.S. government program designed to meet the security testing needs of information technology consumers and developers. The

  • NERC CIP (critical infrastructure protection)

    The NERC CIP (critical infrastructure protection) plan is a set of requirements designed to secure assets vital to reliably operating North America's bulk electric system.

  • O

    Occupational Safety and Health Administration (OSHA)

    Occupational Safety and Health Administration (OSHA) is a federal organization (part of the Department of Labor) that ensures safe and healthy working conditions for Americans by enforcing standards and providing workplace safety training.

  • online risk

    Online risk is the vulnerability of an organization's internal resources that arises from the organization using the Internet to conduct business.

-ADS BY GOOGLE

SearchCIO

SearchHealthIT

SearchCloudComputing

SearchDataCenter

SearchDataManagement

SearchSecurity

Close